Level 36, Burj Al Salam Tower, Trade Center First, Sheikh Zayed Road, Dubai, UAE.

AML Compliance UAE: Your Complete Guide to Combat ML/FT in the UAE

AML Compliance Services in Dubai, UAE
Table of Contents

Money laundering is a serious global issue. According to UNODC’s report, the money laundered globally every year is worth 2.7% of the global GDP, which will be approximately $2.8 trillion in 2023.

If left unchecked, money laundering can cause substantial damage to financial institutions and a country’s economic stability. Failure to stop money laundering activities may also increase crime rates.

The UAE has always been fighting these threats that can hurt the country’s economy. The nation is committed to combating financial crimes with its comprehensive anti-money laundering laws and regulations. The AML supervisory authorities in the UAE constantly monitor the AML compliance of various entities to ensure there are no issues.

Businesses found non-compliant face harsh consequences in the form of fines and penalties. They may also endure reputational and financial losses. In this guide, we will offer you all the details regarding the anti-money laundering framework in Dubai, do’s and don’ts, as well as how to ensure you remain AML compliant.

So, let’s start with the most basic question.

What is Anti-Money Laundering (AML)?

To understand anti-money laundering, let’s first understand money laundering. Money laundering is the method criminals and gangsters use to convert their illegal money into legal by finding loopholes in the system. They do this to hide the true sources of their money, which are criminal activities.

Anti-money laundering (AML) is the government’s method of countering money laundering by implementing laws and regulations that keep a company’s finances safe from fraud and corruption. AML compliance in Dubai prevents criminals from hiding and illegally transporting their illegally obtained funds.

Various AML controls include KYC, transaction monitoring, sanctions screening, etc. The UAE AML compliance authorities ensure that all businesses remain compliant with the AML framework.

UAE’s AML Legal Framework and Authorities

The United Arab Emirates has taken a strong stance against ML/FT. The nation has introduced a comprehensive anti-money laundering (AML) legal framework and established multiple authorities to enforce these regulations in various sectors and regions.

Here’s how the AML Legal Framework in the UAE looks.

  • Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT): This law provides the overarching legal framework the UAE uses to execute its AML/CFT efforts. It offers laws and regulations for reporting entities, customer due diligence requirements, suspicion transaction reporting, the appointment of an AML officer, and consequences for non-compliance.
  • Regulatory Guidelines and Circulars: Regulatory authorities such as the Central Bank of the UAE (CBUAE), the DFA (Dubai Financial Services Authority) of DIFC (Dubai International Financial Centre), and the FSRA(Financial Services Regulatory Authority) of the Abu Dhabi Global Market (ADGM) issue guidelines and circulars. To comply with AML/CFT regulations, regulated entities must follow the rules mentioned in the guidelines. 
  • International Standards and Conventions: The United Arab Emirates has crafted its AML/CFT framework to align with international standards and conventions. The framework follows the rules of the Financial Action Task Force (FATF).

The main laws included in the AML/CFT legal framework in the UAE are:

  • Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations 
  • Federal Decree Law No. (34) of 2022 regulating the legal profession and legal consultation profession.
  • Federal Decree law No. (26) of 2021 (amending specific provisions of Federal Decree-law No. (20) of 2018)
  • Cabinet Decision 10 of 2019 regarding the executive regulations for crimes of money laundering and terrorist financing
  • Cabinet Decision No. (24) of 2022 amending Cabinet Decision No. (10) of 2019 Executive Regulations of Decree-Law No. (20) of 2018

In addition to the laws mentioned above, businesses must also comply with the following legislation: 

  • Cabinet Decision No. (74) of 2020 regarding the terrorist list system and the implementation of Security Council resolutions related to preventing and suppressing terrorism and its financing
  • Cabinet Resolution No. (16) of 2021 regarding the consolidated list of violations and administrative fines inflicted on violators of anti-money laundering measures 
  • Ministerial Decision No. (532) of 2019 regarding the establishment of the Anti-Money Laundering Department 2019
  • Decision of the Minister of Justice No. 533 of 2019 regarding the procedures for combating money laundering and financing of terrorism for lawyers, notaries, and professionals

AML Supervisory & Reporting Authorities in the UAE

The UAE has multiple AML/CFT supervisory authorities covering various regions and types of businesses. Let’s take a look at all the supervisory authorities operating in the UAE to tackle money laundering and terrorism financing issues. 

  • The Ministry of Economy (MOE): The ME supervises all regulated entities operating on the UAE mainland, except financial institutions, which are supervised by the Central Bank of the UAE.
  • The Central Bank of the UAE (CBUAE): The CBUAE is the primary financial regulator in the UAE. It supervises the financial institutions, banks, fintech, and other financial entities operating in the UAE Mainland. It is responsible for creating and executing AML/CFT regulations for the financial sector in the UAE.
  • Securities and Commodities Authority (SCA): The SCA regulates and supervises the securities and commodities markets in the UAE. It issues AML/CFT guidelines and regulatory frameworks for securities and commodities market participants and also for the UAE Capital Market Virtual Asset Service Providers, except the ones in Dubai and ADGM.
  • Insurance Authority (IA): The IA regulates and supervises the UAE’s insurance sector. It sets and implements the AML/CFT framework for insurance companies and intermediaries operating in the UAE.
  • Financial Services Regulatory Authority (FSRA): The FSRA (a regulatory authority) supervises the Abu Dhabi Global Market (ADGM), a financial Free Zone in Abu Dhabi. It enforces laws and regulations so the financial institutions and designated non-financial businesses and professions (DNFBPs) operating within the ADGM comply with the AML/CFT regulatory framework.
  • Dubai Financial Services Authority (DFSA): The DFSA is the regulatory authority for the Dubai International Financial Centre (DIFC), a financial Free Zone in Dubai. It sets AML/CFT regulations and supervises financial institutions and DNFBPs operating in the DIFC.
    • Dubai Integrated Economic Zones Authority (DIEZ): DIEZ serves as the supervisory authority for IFZA Free Zone Authority AML Compliance.
  • Dubai’s Virtual Asset Regulatory Authority (VARA): VARA is responsible for scrutinising the AML/CFT compliance of virtual asset service providers in Dubai, except for the DIFC Free Zone.
  • The Ministry of Justice: It is the supervisory authority for lawyers and legal consultants.
  • The Financial Intelligence Unit (FIU): The FIU serves as the reporting authority for all suspicious transactions and activities related to money laundering and terrorism financing in the UAE.

All the authorities mentioned above coordinate to ensure compliance with AML/CFT regulations. They operate diligently to enhance the UAE’s efforts to combat financial crimes. To maximise the efforts, the UAE participates in international cooperation initiatives to effectively eliminate the problems of ML/FT around the world.

Why are Companies getting AML Notifications from Authorities?

If a company receives an AML notification from authorities, the authorities might suspect the business of engaging in money laundering or any other illegal financial activities. 

Companies receive these AML notifications from authorities because they are mandatory under Federal Decree-law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations. AML authorities inform companies that they are being suspected by sending a notification.

AML Notification System

To better understand why a business might the notification, let’s understand the AML notification system:

  • The Financial Intelligence Unit (FIU) of the UAE Central Bank has developed the goAML online portal. It is an internationally approved online system for collecting and analysing financial as well as non-financial information required to fight financial crimes, such as money laundering and the financing of terrorism.
  • Both financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs) are required to register in the goAML system. They must legally submit any suspicious transaction reports (STRs) in the system for further inspection. 
  • The goAML system enables the FIU to monitor trends and anything unnatural in the processes. It allows FIU to review reports of suspicious transactions and activities, thereby efficiently reducing potential threats and anomalies.

goAML: Dos and Don’ts

Companies must ensure they do not disclose to clients or anyone else that suspicious transactions or activities related to them have been reported or are going to be reported so they do not become alert and hide anything. Compliance officers or MLROs must decide whether to close the case or report an STR/SAR (Suspicious Activity Report) to the FIU. Such decisions must be clearly documented to ensure accuracy and transparency. 

Delays in clearing alerts from the authorities and reporting STRs/SARs to the FIU are considered deficiencies in the post-STR and SAR process. All regulated entities must maintain records of all information and documents related to transactions for at least five years. 

It is important to note that submitting Real Estate Activity Reports (REARs) does not exempt companies from their obligations to submit other types of reports via goAML. Other reports might include STRs, SARs, Funds Freeze Reports (FFRs), Partial Name Match Reports (PNMRs), High-Risk Country Reports (HRCs), and High-Risk Country Activity Reports (HRCAs).

Companies can contact FIU for inquiries regarding the goAML system and their respective supervisory authority for queries regarding supervision and regulatory compliance.

AML inspections and audits find the root cause of the problem and the person responsible. By eliminating the cause and implementing a proper AML compliance framework, you can develop a company culture where every employee is accountable. By strictly complying with AML regulations, no employee can disrupt the company’s financial operations illegally to reap personal benefits.

Key AML Compliance Requirements

To ensure a high-quality AML regulatory framework in your organisation, you have to cover the following key pointers:

goAML registration process for reporting entities

goAML is an online portal used by FIU to collect suspicious transaction data, as the reporter observed. Three types of businesses are legally required to register with the goAML portal: financial institutions, DNFBPs, and virtual asset service providers.

You can register for goAML in 2 steps –

  • Visit the FIU’s website to register on their Service Access Control Manager (SCAM) system. You will receive a username and a secret key.
  • In the next step, use your registered mobile and the secret key to set up the Google Authenticator app.
  • A 6-digit code will be delivered to the app that can be used to access the goAML portal for registration.

You will be required to submit the following document to complete your registration:

  • A copy of the passport, Resident Visa, or Emirates ID of the applicant
  • A copy of the company’s trade/commercial licence
  • Authorisation letter favouring the appointment of the AML Compliance Officer

Appointment of an AML Compliance Officer

It is mandatory for every AML-compliant entity to appoint an AML Compliance Officer. Every compliance officer must be appointed with appropriate experience, knowledge, and competence. 

The duties of the compliance officer are outlined in Article 21 of the Implementation Regulations and include providing all relevant data, procedures, and obligations to fulfil the AML/CFT legislation requirements. You can divide them further into three parts.

  • AML/CFT Programme Management: implementation and adoption of new policies, processes, and controls while conducting periodic reviews and report any changes or updates to the senior management
  • AML/CFT Training & Development: create the AML/CFT training for the employees and supervise the staff training while keeping the modules updated as per the latest laws and regulations
  • ML/FT Reporting: detect any suspicious activity, conduct an internal investigation, and report it to the senior management while sending reports to the relevant authorities as well

Compliance Officer’s Data

Every company must properly maintain a compliance officer’s data and provide it if requested by the authorities. The required information includes: 

  • Name 
  • Contact information 
  • A valid copy of the passport 
  • ID card 
  • A letter of assignment from the company to the duties of the compliance officer

This requirement to maintain and provide compliance officer’s data upon request is stated in Article (21) of the Implementation Regulations No. (10) of 2019 for Federal Decree-law No. (20) of 2018 On Anti-Money Laundering And Combating The Financing of Terrorism.

Reporting Suspicious Transactions

The Compliance Officer or the Money Laundering Reporting Officer (MLRO) is completely accountable for reviewing, verifying, and reporting suspicious transactions (STRs/SARs). The MLRO should have adequate experience, independence, and a proper level of seniority to execute one’s duties and perform one’s role effectively.

An MLRO must analyse every transaction to detect ones that can be related to any crime defined in the AML-CFT Decision. The officer must report one’s concerns as well as the transactions to the FIU. 

Additionally, an MLRO can conduct training sessions consistently so that all staff members can act as the first line of defence.

Conduct an AML Business Risk Assessment

To make sure compliance with the AML regulatory framework, entities must occasionally perform an AML business risk assessment. The main steps of an AML business risk assessment include:

  • Assessing types of MF/FT/PF risks likely to occur in your company
  • Analyse various scenarios that could lead to the occurrence of such risks and their impact
  • Identify if proper control measures are placed for each scenario
  • Find residual risk by identifying inherent risk and how much control you have over it
  • Ensuring that risk falls within the ‘risk appetite’
  • Finding out additional controls or measures required to ensure AML compliance

Develop and implement AML policies, procedures, and controls

Every organisation must have proper AML policies, internal procedures, and controls to comply with AML laws and regulations. Some major elements of AML policies are:

  • Risk Identification: consider various internal and external factors with ML/PF/FT trends for risk identification as well as chances of risks, including their effect and timing.
  • Risk Mitigation: classify risks, prioritise them, and focus on ML/FT/PF control measures
  • Customer Onboarding: KYC and ongoing monitoring policy as well as customer acceptance and exit policy 
  • Suspicious Transactions: classify suspicious transactions, develop internal mechanisms for identification, and take the final decision as well as explain the logic behind the final decision 
  • Reporting: keep a log of internal reviews, filing STR/SAR with FIU, as well as other reporting requirements 
  • Record Keeping: maintain records and decide their access rights related to AML/CFT and explain an archival and disposal policy 
  • Governance: roles and responsibilities of compliance officer and senior management while focusing on employees’ training and development
  • Targeted Financial Sanctions (TFS): screening of international sanctions and managing alerts while reporting if necessary 

Know Your Customer (KYC) 

KYC of customers is important to understand the nature of the transaction and ensure that it is not a part of money laundering. Also, cross-check the customer from the international sanctions list to ensure they’re not already banned.

For KYC, you will need the following details:

Information: For personal details of the customer, you will need the Name, Nationality, Gender, DOB, Address, Contact details, tax number, the purpose of the transaction, and the employer’s name and address. 

You must also submit the organisation’s details, such as name, nature of business, date of incorporation, and company address. You must also provide information on directors, shareholders, and senior management and the previous year’s annual report.

Documents: For individuals, the required documents are Emirates ID/ Passport, DL, or any other government-issued document with a photograph. Utility bills, bank statements, property purchases, or rent agreements can be used for address verification.  

For a corporate entity, a certificate of incorporation, trade licence, memorandum of association, or articles of association can be used as the ID. Similar documents can be used for addresses if they are in the company’s name. Businesses must also provide their audited financial statements and shareholder/directors/UBO register.

DIRECTORS/UBO/ PARTNERS/SHAREHOLDERS: Finally, you must provide all the information regarding directors/partners/shareholders/UBO by submitting the same documents as mentioned above to the individuals.

The designations of directors and senior management must be highlighted. If there are partners/shareholders, how much of their shares must be shared? Similarly, explain what qualifies a person as a UBO. 

Sanctions screening and reporting obligations

Sanctions screening is a crucial part of the AML regulatory framework. DNFBPs must register in the FIU’s automatic reporting system to obtain the sanctions lists automatically and submit suspicious transaction reports. These are the lists of targeted financial sanctions from the UNSC (United Nations Security Council consolidated sanctions lists and domestic terrorism lists that get updated regularly. 

To get a better understanding of the TFS, a DNFBP can refer to the guidance documents published by the Executive Office of the Committee For Goods & Materials Subjected To Import & Export Control.

A company can subscribe to the automatic reporting system for sanctions lists by visiting the Committee for Goods and Material Subject to Import and Export Control website. It ensures that your current or potential customer’s profile does not match the sanctions list. However, in case there is a complete or partial match, a company has to take drastic measures. 

If an existing customer’s profile completely matches, you must comply with Article (15) and Article (21) of Cabinet Decision No. (74) of 2020. As per the legislation, you must immediately freeze all assets and block the customer from using any funds under the UNSC Consolidated lists or Local lists.

DBFBPs are also required to prevent the provision of any services or transactions that may result in or contribute to the evasion of Targeted Financial Sanctions as per the regulations mentioned in UNSCR 2231 (2015) and UNSCR 1718 (2006).

If a match occurs, a proper report providing details of the cases must be sent to FIU. Even if there is a partial match, you must suspend all transactions of your existing and future customers. 

If no match is found, you can move ahead to the customer risk profiling and enhanced due diligence. 

Reporting Obligations of Regulated Entities 

The Federal Decree-law No. (20) of 2018 requires all Relevant Persons to report suspicious activities directly through its electronic system or by any means approved by the Financial Intelligence Unit (FIU) of the UAE Central Bank.

Relevant Persons must submit Suspicious Transaction Reports (STRs). DNFBPs (Designated Non-Financial Businesses and Professions) should implement Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions on the Suppression and Combating of Terrorism, Terrorists Financing & Proliferation of Weapons of Mass Destruction, and Related Resolutions.

Customer risk profiling and Enhanced Due Diligence (EDD)

Risk profiling involves analysing the customer’s history to check for any criminal records or financial fraud in the past. If you find the customer is a high-risk customer after profiling, you can proceed to the enhanced due diligence process. 

Here are some of the prerequisites that an organisation must do before proceeding with customer risk profiling and due diligence. 

  • LFIs and DNFBPs must design customised detection scenarios and parameters that are relevant to their operations.
  • LFIs must perform risk-based customer segmentation to divide customers into various risk groups based on their profile and business activities.
  • Licensed financial institutions must conduct proper statistical analysis to apply thresholds and parameters for different detection scenarios. 
  • To apply those thresholds, LFIs must obtain a decent amount of knowledge and develop an understanding of their customers’ transactional activity.

LFIs and DNFBPs must develop a documented Standard Operating Procedure (SOP) for the post-SAR process. The SOP must contain exit procedures, add names to internal watchlists, and increase risk ratings if applicable. SOPs must also include red flags, pointers, and indicators to track and find potential suspicious activity. 

Additionally, LFIs and DNFBPs must have processes and mechanisms to identify all accounts or relationships related to SAR customers. It is easier to conduct a proper review of suspicious transactions by analysing those associated accounts.

After risk profile analysis, LFIs and DNFBPs must classify the customer or business relationship as high-risk post-SAR. They must execute the required risk-based EDD and ongoing monitoring procedures. They must create effective controls like enhanced due diligence and ongoing monitoring in case FIU does not respond to them regarding a specific transaction or business relationship.

All due diligence measures must be re-evaluated based on the degree of risks for countries removed from FATF lists. DNFBPs should review the Grey List and the weaknesses identified in it. When looking for a risk-based approach, they must consider those weaknesses. 

However, you require sufficient KYC/CDD information and customer profiles for ongoing transaction monitoring in continued relationships. Furthermore, TM systems and processes must contain manual processes, such as manual reporting, reviews, adverse news screening, and regular or trigger event-based CDD.

Due Diligence Measures

Enhanced Due Diligence (EDD) is a more robust and stricter version of the KYC. EDD allows you to find additional information about a person by running some extra checks regarding the customer’s identity. The purpose of EDD is to implement Decree Law No. (20) of 2018 and its implementation regulation.

Implementation Regulations No. (10) offer the right guidance on how to execute the due diligence requirements. Due diligence measures taken by DNFBPs should be proportionate to the risks posed by business relationships and transactions with natural or legal persons from jurisdictions under increased monitoring (Grey List).

The efforts must be able to identify or verify the information of the client or the beneficiary owner. This due diligence process only applies to natural or legal persons or legal arrangements. If a person is found to have risks associated with the profile, you need senior management approval before engaging with such a customer.  

Reporting requirements (STR, SAR, FFR, PNMR, HRC, HRCA, DPMSR, REAR)

For any suspicious activity related to the AML regulatory framework, the entity must file a report with the respective authority. 

STR and SAR Reporting

FIU expects LFIs and DNFBPs to have efficient processes and trackers to record internal STRs. A single repository must be formed to store documents related to alerts/cases/STRs. Also, DNFBPs must differentiate between STR/SAR and other reporting types, such as DPMS reports and real estate activity reports.

LFIs and DNFBPs should have case management workflow functionality to promptly review and escalate TM alerts. It is recommended not to delay much while clearing alerts or reporting STR/SAR to the FIU. In addition to that, it is important to document the decision to close or report a case. 

If you reject a customer during the onboarding stage due to potential suspicious activity, you must evaluate such customers as potential SARs.

Post-STR and SAR Process

After reporting a suspicious transaction or other suspicious information to the FIU, companies can take certain immediate actions.

  • LFIs and DNFBPs must escalate the STR or SAR to the concerned decision-making authority for expedited analysis. 
  • In some instances, an alerted activity might require further investigation. Employees should conduct a preliminary investigation and document the findings in such cases. Based on the analysis, a recommendation must be made on whether to file an STR or SAR.
  • If case investigators identify an activity that requires immediate attention, they must quickly inform the designated STR or SAR authority.

Reporting via GoAML Platform

The GoAML platform is used to facilitate reporting TFS obligations. Licensed DNFBPs can use the goAML portal to submit TFS-related reports, including Funds Freeze Reports (FFRs) and Partial Name Match Reports (PNMRs).

GoAML is also used as a reporting platform for licensed DNFBPs to ensure compliance with their reporting obligations. All the TFS-related reports submitted with the goAML system are sent to the Ministry of Economy and the Executive Office – IEC.

Registration in the goAML System

Registering on the goAML platform is mandatory to submit suspicious transaction reports (STRs) and enforce legislation effectively. 

Visit the Ministry of Economy’s website to learn more about the goAML platform and how to register on it. 

Registration in Automatic Reporting System for Sanction Lists

Legal persons (companies) must register for sanction lists in the automatic reporting system to receive updated information for an effective EDD process.

Record-keeping and documentation maintenance

It is imperative to store all the documentation carefully. Documents related to customer and transaction information submitted reports, as well as training logs, must be kept properly. 

Governance and Management Oversight

The compliance program must have adequate funds, staff, and other necessary resources to work efficiently in identifying and reporting suspicious activity. Senior Management must prioritise the compliance program within the organisation by maintaining a strict attitude and tone from the top. 

Senior Management responsible for the compliance program should be given enough authority, information access, and resources to fulfil their responsibilities effectively. They must successfully track, identify, and report obligations on suspicious activity/transactions.

Regulatory Expectations & Guidance

Several regulatory documents are available that offer guidance regarding AML compliance and expectations. Let’s take a look at them:

  • Federal Decree Law No. (20) of 2018 On Anti-Money Laundering And Combating The Financing of Terrorism.
  • Implementation Regulations No. (10) of 2019.
  • Cabinet Decision No. (58) Of 2020 regulating the Beneficial Owner Procedures.
  • ADGM Anti-Money Laundering and Sanctions Guidance and Rules (AML Rules).
  • DFSA Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (AML Rulebook).

Consequences of Non-Compliance and Fines Involved

If an entity fails to comply with the UAE’s AML regulations, there are severe consequences. If money laundering or corruption is detected in a company’s financial system, the company will be audited by the relevant authority and registered for AML. AML supervisory authorities have the right to review a company’s financial statements and records during an AML investigation. 

The consequences of non-compliance with the Decree-Law and its Implementing Regulation may include administrative penalties. 

  • Regulatory risks—Failure to execute a robust AML compliance framework in your company can result in an investigation. This can further lead to the detection of money laundering and attract administrative penalties ranging from AED 50,000 to AED 5,000,000 for each violation. Businesses may also run the risk of licence termination. 
  • Reputational risks – If a business is found to be involved in money laundering, it suffers huge damage to its reputation. It receives a lot of negative publicity and may also lose clients and business in the near future. 
  • Operational risks—When internal processes and systems become corrupted, companies face major financial and operational losses. Rebuilding strong systems and procedures takes considerable time and investment. 

The National Committee for Combating Money Laundering and Financing Terrorism and Illegal Organisations has decided to update the data of High-Risk jurisdictions and jurisdictions with higher monitoring on their website after every meeting of the FATF Plenary. 

Financial institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs) are required to verify and review the lists and available information on a regular basis. Licensed DNFBPs can consult the Ministry of Economy and the Executive Office – IEC for additional instructions and assistance. 

If there is a potential match from the list, FIs and DNFBPs should suspend any transaction and refrain from offering any funds or services as outlined in the Guidance on TFS. The organisations must immediately report the potential match to the Ministry of Economy and the Executive Office – IEC through the GoAML portal by selecting the Partial Name Match Report (PNMR).

FIs and DNFBPs must submit all the documents and details related to the name match. Suspension measures should remain in place until the Executive Office—IEC provides instructions via the GoAML platform.

To avoid penalties, it is necessary to notify the Ministry of Economy and share a copy of the report through the email sanctions@economy.ae. 

How to Reduce AML Fines and Penalties?

Every business must try to avoid or at least reduce AML fines and penalties as much as possible. Here are some ways to reduce AML fines and penalties:

  • Familiarise yourself with the Decree-Law and its Implementing Regulation: The first and foremost method to avoid and reduce AML fines and penalties is to stay compliant with the AML regulatory framework. Developing a deep understanding of the Decree-Law and its Implementing Regulation related to anti-money laundering (AML) and combating the financing of terrorism (CFT) is essential to implement a strong AML framework in your company and avoid non-compliance-related penalties.
  • Complete the ‘goAML’ pre-registration and registration: As a corporate entity, you must register into the goAML system to comply with the AML/CFT framework. It is an electronic portal that collects and analyses financial/non-financial information to track and identify suspicious transactions and activities in a company. Registering with goAML is a prerequisite to submitting suspicious transaction reports (STRs), which is part of compliance. To learn more about goAML and registration procedures, you can visit the Ministry of Economy’s website.
  • Verify and review High-Risk Country lists: After each FATF Plenary, the National Committee for Combating Money Laundering and Financing Terrorism and Illegal Organisations updated the information related to high-risk and increased monitoring jurisdictions based on the FATF Public Statement. Financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs) should periodically check these lists to ensure there are no partial or full matches to avoid non-compliance. 
  • Implement Cabinet Decision No. (74) of 2020: DNFBPs should implement Cabinet Decision No. (74) of 2020, which relates to the Terrorism Lists Regulation and the implementation of UN Security Council Resolutions on the Suppression and Combating of Terrorism, Terrorists Financing & Proliferation of Weapons of Mass Destruction, and Related Resolutions. To implement it, DNFBPs must register in the automatic reporting system for sanctions lists.  The company will receive updated lists of targeted financial sanctions from the United Nations Security Council consolidated sanctions lists and domestic terrorism lists.
  • Stay informed about AML/CFT guidance and instructions: Stay updated and informed about AML/CFT laws and regulations by regularly visiting the Ministry of Economy’s website to find news, instructions, guidance, and information related to anti-money laundering and combating the financing of terrorism. 

However, it is important to note that these suggestions may not cover all possible ways or work in your specific circumstances to reduce or avoid AML fines and penalties. Therefore, we highly recommend that you consult legal and compliance professionals to help your unique case regarding AML/CFT regulations. 

The Ministry of Economy in the United Arab Emirates has introduced methods to fend off money laundering and terrorism financing crimes. The UAE has implemented federal law and its implementation regulations concerning anti-money laundering and counter-terrorism financing and the financing of illegal organisations as the legal basis for compliance with anti-money laundering and counter-terrorism financing crimes. 

The UAE complies with the internationally accepted guidelines in anti-money laundering and counter-terrorism financing crimes, as recommended by the Financial Action Task Force (FATF). However, you must understand these guidelines properly to implement them effectively in your company. 

A business entity can be classified as a Designated Non-financial Businesses and Profession (DNFBP). DNFBPs enjoy specific treatment and consequences for this categorisation. The Ministry of Economy has already crafted a plan to mitigate risks in various sectors of DNFBPs to enjoy sustainable growth of the country’s economy. Any business entity classified as DNFBP should remain updated with relevant legislation and manuals with reference to anti-money laundering. They must understand their obligations and act accordingly in specific scenarios. 

The Ministry is already working with partners to enforce various measures to make anti-money laundering compliance more effective. So far, their plans are based on a risk-based approach, which identifies and considers the risks visible in each sector. It is a known fact that the risks of money laundering and terrorism financing result from cross-border practices destabilising the global economy. Designated Non-financial Businesses and professional sectors are prone to exploitation by individuals or corporations involved in illegal activities and crimes through money laundering and terrorism financing operations.

The Ministry is working hard to offer awareness, training, support, and guidance manuals to assist businesses and individuals in complying with AML requirements and regulatory framework. It has already set up comprehensive strategies working with local authorities to enforce compliance in various sectors. 

Avyanco’s Expertise and How We Help

As mentioned earlier, working with an AML consultancy firm is the best method to ensure you are AML-compliant and will not receive any penalty. AML Experts in Dubai ensure that your business follows the laws of DFSA, UN, and FATF. 

Avyanco helps you incorporate a healthy culture of AML compliance into your company. This will allow your company’s financial operations to run without disruptions caused by criminal activities such as money laundering. 

As AML Experts in Dubai, we track all of your company’s transactions. By analysing every single detail, we find loopholes in your financial systems that could result in ML/FT/PF.

As the leading AML/CFT experts in Dubai, our services include: 

  • goAML registration, 
  • AML policy creation
  • Annual AML audit
  • Designing AML compliance framework
  • Risk assessment questionnaire assistance
  • Inspection support
  • Sanctions screening
  • Inhouse compliance department setup
  • AML training
  • Regulatory reporting

Avyanco, UAE’s leading AML consulting firm, helps businesses in Dubai foster a transparent and honest work environment. We ensure that the company’s finances are safe from various types of fraud and suspicious activities. AML Experts at Avyanco Auditing will check your transaction and account books to analyse them for potential fraud and suspicious transactions.

Reference links:



Specific Risk Factors in the Laundering of Proceeds of Corruption – Assistance to reporting institutions: http://fatf-gafi.org


About the Author

Jashvantkumar Prajapati

(Founder and CEO of Avyanco Group of Companies; Business Setup Consultancy, Avyanco Tax and Accounting LLC, and Avyanco Auditing LLC.)

He keeps a varied portfolio with core expertise in investment management, corporate structuring, commercial law, business consultancy, lead management, business planning and market research. Aspire to help potential entrepreneurs and investors to come ahead and form their companies in highly emerging economies like UAE.